Part 2 of Mysql covers the topic of injecting a simple SQL injection example. Starts out slow then combines techniques and moves into more advanced topics. Prior to attempting this lesson make sure you have watched the videos in the previous blog or understand both SQL and basic python coding. I will show how to automate the injection process via python utilizing simple HTML processing abilities of beautiful soup. I will cover many python libraries for encoding data and calling web based applications. I also talk about how to deal with encrypted data and methods of enumerating files and folders looking for possible implementation issues and attack points to decrypt sensitive data via PHP/Python interaction with whats available on the server. This is the 2nd part of a 3 part series on MySQL for attacking web applications.

This part of the series is a manual sql/python tutorial which will instruct the viewer on how to create their own database interaction with python, the audience being both hackers and new developers. After connecting to the database learn how to use that interaction for pulling meaningful data from a SQL database and interacting with the underlying operating systems and DB functionality. I will cover basic to more advanced sql queries and interactions. None of the videos contain any injection whatsoever, instead a DB and SQL primer for the purpose of learning a foundation prior to trying to attack the unknown. I do delve into many topics related to injection and relate many topics to injection but everything is done on the command line in an interactive lab environment you create for yourself!! The next blog in the series will cover Injection followed by code analysis and recoding applications with parametrized queries. There will also be MSSQL based stuff in the same sequence of events in future posts.